TY - JOUR
T1 - A Study on the Automatic Configuration System for Firewall Blocking Rules Using IPS and NAT Session Mapping Information to Improve Network Web Service Attack Traffic Load in a Network Address Translation Environment
AU - Son, Byeong-hong
AU - Yoo, Myungsik
JO - The Journal of Korean Institute of Communications and Information Sciences
PY - 2024
DA - 2024/1/1
DO - 10.7840/kics.2024.49.9.1337
KW - web Service Attack
KW - NAT Session Table
KW - Firewall
KW - Blocking
AB - In an Internet web services environment, Layer 7 attacks are blocked by an IPS or WAF device installed in front of the web server. The attack traffic still flows from the router through the internal network to the IPS or WAF, causing network load and security threats. By monitoring the IPS or WAF, administrators can set blocking rules on the ingress firewall, but in real-world environments attacks change dynamically, and attack IP addresses and ports change in a network address translation environment, making it impossible to set blocking rules manually. In this study, we developed a system that automatically configures firewall blocking rules by collecting and analyzing IPS Layer 7 attack blocking information and NAT session information in real time in a NAT environment, and confirmed through experiments that it mitigates the internal network load and security threats.